Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.6
-
None
-
None
-
None
Description
batik-pdf includes, embedded within it, some classes from org.apache.commons.io, specifically CopyUtils and IOUtils. The jar file is signed. When this jar file is used in a system that also includes the unsigned commons-io.jar it is possible to get a SecurityException because the JVM may try to load one of these classes from the unsigned jar after having loaded the other one from Batik's jar. I think this problem is exacerbated by OSGi.
In any event, commons-io should be a dependency, NOT partially embedded in batik-pdf. If you must embed it, then change the package name so it does not conflict.
See also https://bugs.eclipse.org/bugs/show_bug.cgi?id=363903 – the real issue is here in the batik-pdf jar file (and possibly in other Batik jar files as well).